Geolocation is a broad term for technologies that allow pinpointing (with accuracy) the physical location of any individual device that interacts with a network. It encompasses both the Global Positioning System (GPS) and IP address spaces. This article focuses on the latter.
While it is possible to map some IP addresses to street addresses, one of the major constraints on the accuracy of IP geolocation has to do with the infrastructure of the internet itself and the nature of IP addresses.
Understanding IP Addresses
An IP address is a layer 3 numeric address assigned by a network administrator which uniquely identifies each connection (not each user) to the internet. The IP addresses used to serve content and to receive it both vary greatly in how frequently they move location, who may be using them, and whether they are directly associated with the end-user or server doing the communicating, for the following reasons:
- A web server may host many different sites or apps behind a single IP address.
- In a content delivery network, the end-user communicates with an edge server, which in turn communicates with many origin servers that host content. In these cases, the end-user knows the IP address of the edge server, but not the actual origin server that hosts the website or application s/he is trying to access.
- When end users use an anonymizing proxy, a server makes requests for content on behalf of the end-user. This means that the IP address of the server is being used to browse the internet and not that of the end-user, thus it is not possible to determine the geolocation of the end-user.
- Internet Service Providers (ISPs) have a huge portion of the IP space to distribute among their customers. They may change the IP address of an end-user for any number of reasons.
- Mobile users may be assigned several different IP addresses as they travel, as they browse using their cellular data plan and public wifi available at a variety of businesses.
This relay of requests introduces complexity into the question of "Where on Earth is this IP address located?". Complexity does not mean that IP geolocation cannot be done, but in order to use it effectively we have to understand its limitations.
IP2Geo Service Providers
Data on IP addresses is sourced from ISPs and held in an IP geolocation database. IP geolocation enables this data to be pulled from the database and used to address a wide range of use cases. This information can span everything from country to city to latitude/longitude to ISP.
An IP lookup is performed through an IP geolocation API. The API compares the suspect IP address against the IP geolocation database it is connected to and retrieves more detailed information about it. This data is then returned through the API so that the services it is integrated with can use it.
IP2Geo service providers claim they have very accurate information. But how reliable is this claim? Let us verify by investigating the IP address 216.58.223.206 using the website resolve.rs, which queries over 20 IP2Geo service providers for an IP address. Below are the results obtained:
| Provider | Results |
| --- | --- |
| AbstractAPI | US: Mountain View, California, United States: 37.4043, -122.0748 |
| BigDataCloud | US: San Jose, California, United States of America: 37.42, -122.09 |
| HostIP.info | US: (Unknown City), United States |
| IP-API | NG: Lagos, Lagos, Nigeria, 6.52438, 3.37921 |
| ipapi | ZA: Johannesburg, Guateng, South Africa, -26.199169158935547, 28.0563907623291 |
| ipdata | US: null, null, United States, 37.750999450683594, -97.8219985961914 |
| ipgeolocation | US: Mountain View, California, United States: 37.42240, -122.08421 |
| ipinfo | NG: Lagos, Lagos, NG: 6.4541,3.3947 |
| iplocate | US: null, null, United States: 37.751, -97.822 |
| ipwhois.io | US: Washington, District of Columbia, United States: 38.9071923, -77.0368707 |
| ipregistry.co | US: Mountain View, California, United States: 37.40599, -122.0786 |
| KeyCDN | US: null, null, United States: 37.751, -97.822 |
| MaxMind | US: null, null, United States: 37.751, -97.822 |
| radar.io | US: Mountain View, California, United States: 37.40599060058594, -122.078514099121 |
As can be seen, the providers disagree on the true location of the queried IP address. A variety of reasons (some of which were explained in the "Understanding IP Addresses" section) could account for the disparity in results. Other reasons could be that the IP2Geo service provider has old data in its database or processes results incorrectly.
Traceroute
There is another method of verifying the location of a suspect IP address that proves to be more potent. Traceroute, also known as tracepath or tracert, is a network tool used to determine the path packets take to a user-specified destination system.
The route can involve many different systems along the way. Each system along the route is referred to as a hop. You can trace all hops along the route or specify the starting and ending hops to be traced.
The route is traced by sending packets (called probes) to the destination system. Each probe contains an upper limit (called Time To Live or TTL) on the number of hop systems the probe can pass through.
Note: In IP Version 6, Time To Live (TTL) is called the hop limit.
A route is traced by successively incrementing the TTL of the probe packets by one hop. The trace ends when either a probe response is received from the destination system or when the probe Time To Live value equals the maximum allowed.
Responses from the probe packets are sent as messages to the job log or as queue entries to a user-specified data queue.
On Windows there is the tool tracert, and on Linux and macOS the tool traceroute can be run. When running tracert to the IP, I obtained the following result.
To determine the location of the queried IP address, attention should be paid to the last (penultimate) hop, that is, the individual routing device reached before the actual destination. In line number 9, we see the IP address 172.252.76.171 and this is actually a hop into the United States before it hits one other device that brings us to the destination IP address. This might be indicative of a destination in the United States.
An online traceroute tool is also available at ViewDNS which traces the series of servers that data traverses from the ViewDNS server to the specified domain name or IP address. These will occasionally identify associated networks, routers, and servers. The numbers after the IP addresses indicate the number of milliseconds that each "hop" took.
In line 20, we see the IP address 172.252.76.171 once again and this is actually a hop into the United States before it hits one other device that brings us to the destination IP address. This might be indicative of a destination in the United States.
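The TTL-increment procedure and the reading of the last hop before the destination, as an added example that is not part of the original article. It simulates the exchange over a constructed path: only 172.252.76.171 and 216.58.223.206 come from the article, while the other hops and the function names are assumptions made for illustration.

```python
# Constructed path. None models a router that silently drops expired probes,
# which a real traceroute prints as "* * *".
PATH = [
    "192.168.1.1",      # home gateway (constructed)
    "198.51.100.1",     # ISP edge, documentation address (constructed)
    None,               # silent router (constructed)
    "203.0.113.9",      # transit, documentation address (constructed)
    "172.252.76.171",   # hop named in the article
    "216.58.223.206",   # destination queried in the article
]


def send_probe(path, ttl):
    """Model one probe: every router decrements the TTL; the one that hits 0 answers."""
    last = len(path) - 1
    for index, addr in enumerate(path):
        if index == last:
            return ("reply", addr)            # probe reached the destination
        ttl -= 1
        if ttl == 0:                          # expired at this router
            return ("time-exceeded", addr) if addr else ("timeout", None)


def trace(path, max_ttl=30):
    """Send probes with TTL 1, 2, 3, ... until the destination replies or max_ttl is hit."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        kind, addr = send_probe(path, ttl)
        hops.append((ttl, kind, addr))
        if kind == "reply":
            break
    return hops


def last_hop_before_destination(hops):
    """Last router that answered before the destination, or None if it was never reached."""
    if not hops or hops[-1][1] != "reply":
        return None
    routers = [addr for _, kind, addr in hops[:-1] if kind == "time-exceeded"]
    return routers[-1] if routers else None


if __name__ == "__main__":
    for ttl, kind, addr in trace(PATH):
        print(ttl, addr or "*", kind)
    print("hop to geolocate:", last_hop_before_destination(trace(PATH)))
```

A trace that stops at the maximum TTL without a reply yields no usable last hop, so the function returns None rather than treating the final responding router as adjacent to the destination.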
Conclusion
Using traceroute provides the most reliable way to determine the most probable location of an IP address. Even APNIC, the regional Internet address registry for the Asia-Pacific region, states in an article that they: "consider the IP in the same economy as the LG if the traceroute confirms a topological proximity." Any other way of checking the location does not seem to meet their standards. No IP2Geo database in the world will be foolproof, so the only way to find a geographical area is to use basic physics: determine how long it takes for electricity or light to travel through a medium called a 'network cable'.
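The "basic physics" check applied to the conflicting provider answers from the results table, as an added example that is not part of the original article. The vantage point (Accra) and the round-trip times are constructed for illustration, and the figure of roughly 200 km per millisecond for light in optical fibre is the assumption behind the distance bound.

```python
from math import asin, cos, radians, sin, sqrt

# (country, lat, lon) copied from the article's results table for 216.58.223.206
# (ipapi's coordinates rounded to six decimals).
CANDIDATES = {
    "AbstractAPI": ("US", 37.4043, -122.0748),
    "IP-API": ("NG", 6.52438, 3.37921),
    "ipapi": ("ZA", -26.199169, 28.056391),
    "ipwhois.io": ("US", 38.9071923, -77.0368707),
    "MaxMind": ("US", 37.751, -97.822),
}
EARTH_RADIUS_KM = 6371.0
KM_PER_MS_IN_FIBRE = 200.0  # assumption: light in fibre covers about 200 km per ms


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points given in degrees."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def max_distance_km(rtt_ms):
    """Farthest the target can be: the probe spends half the round trip going out."""
    return rtt_ms / 2 * KM_PER_MS_IN_FIBRE


def feasible(vantage, rtt_ms, candidates=CANDIDATES):
    """Map provider -> distance (km) for the claims the measured RTT does not rule out."""
    limit = max_distance_km(rtt_ms)
    result = {}
    for name, (_country, lat, lon) in candidates.items():
        distance = haversine_km(vantage[0], vantage[1], lat, lon)
        if distance <= limit:
            result[name] = round(distance)
    return result


def spread_km(candidates=CANDIDATES):
    """Largest distance between any two providers' answers."""
    points = [(lat, lon) for _country, lat, lon in candidates.values()]
    return max(haversine_km(*a, *b) for a in points for b in points)


ACCRA = (5.6037, -0.1870)  # constructed vantage point
if __name__ == "__main__":
    print("spread between providers:", round(spread_km()), "km")
    print("feasible at 12 ms:", feasible(ACCRA, 12))    # a short RTT excludes far claims
    print("feasible at 300 ms:", feasible(ACCRA, 300))  # a long RTT excludes nothing
```

The bound is one-sided: a low round-trip time proves the target is near the vantage point, but a high one may be caused by queuing or indirect routing and says nothing about distance.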